Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: putty-0.63-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Wednesday 21st August 2013 00:01:06 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-14676
2013-08-12 16:54:32
--------------------------------------------------------------------------------

Name        : putty
Product     : Fedora 18
Version     : 0.63
Release     : 1.fc18
URL         : http://www.chiark.greenend.org.uk/~sgtatham/putty/
Summary     : SSH, Telnet and Rlogin client
Description :
Putty is a SSH, Telnet & Rlogin client - this time for Linux.

--------------------------------------------------------------------------------
Update Information:

This is an update that fixes several bugs, for details see upstream
announcement: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
This is an update that fixes four CVEs:
CVE-2013-4206
CVE-2013-4207
CVE-2013-4208
CVE-2013-4852

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 12 2013 Jaroslav ┼ákarvada <[email protected]> - 0.63-1
- New version
  Resolves: rhbz#995610
- Dropped perms, CVE-2013-4852, CVE-2013-4206, CVE-2013-4207,
  CVE-2013-4208 patches (all in upstream)
* Thu Aug  8 2013 Jaroslav ┼ákarvada <[email protected]> - 0.62-7
- Fixed a heap-corrupting buffer underrun bug in the modmul function
  Resolves: CVE-2013-4206
- Fixed a buffer overflow vulnerability in the calculation of modular
  inverses when verifying a DSA signature
  Resolves: CVE-2013-4207
- Fixed problem when private keys are left in memory after being
  used by PuTTY tools
  Resolves: CVE-2013-4208
* Mon Aug  5 2013 Jaroslav ┼ákarvada <[email protected]> - 0.62-6
- Fixed integer overflow
  Resolves: CVE-2013-4852
- Fixed bogus dates in changelog (best estimated)
* Sun Aug  4 2013 Fedora Release Engineering
 - 0.62-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering
 - 0.62-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #993031 - CVE-2013-4206 CVE-2013-4207 CVE-2013-4208
CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer
overflow during SSH handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=993031
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update putty' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms